Spilnota Detector Media

Disclosure Hackers from the occupied territories of the Luhansk region carry out cyber attacks on the Armed Forces of Ukraine

According to the State Special Communications Service, cybercriminals are sending Ukrainian military personnel emails with fake information about the latest weapons. The emails are accompanied by a file containing a RARSFX archive, which contains an EXE installer with the SPECTR malware. This virus collects confidential information, including passwords. In addition, hackers carry out attacks through the Signal messenger, where they send shortcut files that infect devices and allow remote access to the victims' data.

The Center for Strategic Communications and Information Security notes that this cyber group was created before Russia's full-scale invasion of Ukraine and consists of collaborators and former employees of Ukrainian law enforcement agencies.

The purpose of such cyber attacks is to undermine the ability of the Armed Forces of Ukraine to effectively defend the country and to destabilize the situation at the front by breaching information systems. By collecting confidential data, including passwords and other important information, hackers can gain access to military plans, unit locations and other critical information, which can jeopardize both military operations and the lives of Ukrainian servicemen. In addition, Russia actively uses cyber attacks for information warfare to discredit Ukraine's defense capabilities in the eyes of the international community, presenting these breaches as weaknesses in the protection of critical infrastructure.

Disclosure Harmful software disguised as a message from the Security Service of Ukraine

Hackers send emails disguised as messages from the Security Service of Ukraine. This was reported by the Center for Countering Disinformation.

According to the government response team CERT-UA, more than 100 infected computers have already been detected, including those belonging to government agencies and local governments. The State Committee for Special Communications reported this.

The emails contain a link to download a file called Documents. But in fact, this link downloads a file that activates the malicious software ANONVNC, allowing attackers to gain hidden, unauthorized access to the victim’s computer.

The State Committee for Special Communications notes that urgent measures have already been taken to reduce the risk of a cyber threat.

Disclosure Russian cyber groups are trying to influence the upcoming US elections

According to Microsoft, Russian hackers have become more active over the past 45 days. At the same time, this activity is still lower than during the 2020 American elections. Reuters reports this.

Messages are distributed through traditional media and social networks by at least 70 cyber groups. Accounts linked to Russia spread controversial content, such as criticizing American support for Ukraine. Moreover, hackers spread disinformation in different languages and allegedly in the name of a “whistleblower” or “journalist”.

The fake messages are then published on a number of websites, including DC Weekly, Miami Chronicle and Intel Drop. This is reported by the Center for Strategic Communications and Security at the Ministry of Culture and Information Policy of Ukraine. It should be noted that the mentioned resources are fake, created by Russians and, accordingly, information is distributed through them in the interests of Russia. Previously, we analyzed a Russian propaganda manipulation claiming that the West and PACE are “interfering” in the Russian presidential elections.

Disclosure Someone is spreading the message that Kyivstar will issue compensation to each subscriber in the amount of 200 hryvnia due to a massive outage

On December 12, 2023, Kyivstar subscribers began to complain about communication failures, while at the same time the company’s website was unavailable for reasons unknown at the time. It turned out that the company was subject to a hacker attack. The Security Service of Ukraine has opened criminal proceedings into a cyber attack against a mobile operator. According to one version, Russian special services may be behind this.

Meanwhile, VoxCheck analysts recorded fraudulent messages claiming that the operator was crediting each subscriber's mobile account with 200 hryvnia in compensation.

Kyivstar specialists wrote on their Facebook page that scammers have become more active on various platforms and are spreading false information about compensation, although the company has not announced any such initiatives. Experts emphasized that users should not share personal data that could end up in the hands of scammers.

Fake Russian hackers allegedly destroyed thousands of Kyivstar computers and servers

Russian hackers of the so-called Solntsepek group claimed responsibility for a cyber attack on the mobile operator Kyivstar. They claim to have allegedly destroyed ten thousand computers, more than four thousand servers and all cloud storage and backup systems. It's fake.

The Center for Strategic Communications and Security has processed this information. Kyivstar representative Iryna Lelichenko said in an interview with Liga.net that the personal data of the mobile operator’s users is safe, and the information about the alleged destruction of “computers and servers” is not true. In addition, any “randomly collected technological data” has nothing to do with this cyberattack.

After the cyber attack, the Kyivstar network has already been partially restored and is working again for users in many regions of Ukraine. To restore communication, sometimes you need to restart your phone.

By inventing information about thousands of destroyed computers and servers, the Russians tried to sow panic among Ukrainians and convince them that they should worry about their personal data. We also wrote that the Cyber Police are warning about fraudulent activity in instant messengers aimed at Kyivstar users.

Disclosure Russian hackers attack the “eCherha”, online service for crossing the border

The press service of the Ministry of Infrastructure reported that the Russians are attacking eCherha (online waiting list), an online service for booking a border crossing for transport. Russian propaganda channels are calling for a cyberattack.

The Ministry notes that the system is now working without failures; however, in case of changes, they promise to inform drivers and carriers promptly. The department assures that the personal data of drivers and data of vehicles registered in the system are protected and cannot be accessed by unauthorized persons even in the event of cyber attacks.

Russians often resort to cyberattacks on Ukrainian web pages or services, and the attacks are coordinated through Russian propaganda channels on social networks.

Disclosure Russia uses hackers to gain information for advantage in war

The State Service for Special Communications and Information Protection of Ukraine reported that in January-February of this year, the governmental computer emergency response team CERT-UA handled more than three hundred cyber incidents and cyber attacks, which is almost half as many as in the corresponding period last year. The department explains the high activity of Russian hackers at that time by Russia's preparation for a full-scale invasion.

Since the beginning of 2023, CERT-UA has recorded an increase in the number of cyberattacks for the purpose of espionage, with an emphasis on maintaining permanent access to the organization. In addition, most of the malware distributed by Russian hackers is designed for data collection and remote access to devices.

According to specialists from the State Service for Special Communications, Russia is thus preparing for a long war and is trying to obtain any information that can give an advantage in the war against Ukraine, including data on the mobilization and logistics of Western weapons.

Disclosure Spy letters have been sent out on behalf of Ukrtelecom

The Government computer emergency response team of Ukraine (CERT-UA) recorded the distribution of emails on behalf of JSC Ukrtelecom.

The subject of the letter was a legal claim on a personal account. A file with a “pdf.exe” extension was attached to the letters; launching it installed the Remcos remote control and monitoring program on the user's computer. This application is paid software and can be purchased from the manufacturer's website. Similar attempts have been repeatedly recorded since 2020. Previous cyberattacks were carried out using the RemoteUtilities remote administration program. The letters were sent mainly to public authorities, probably for espionage.

Earlier, experts said that Ukraine repels from 5 to 40 powerful DDoS attacks every day.

Disclosure Ukraine repels from 5 to 40 powerful DDoS attacks daily

This was announced by the head of the State Service for Special Communications and Information Protection of Ukraine, Yurii Shchyhol. In December 2022, the State Service for Special Communications stopped and blocked 395 such attacks. Today, on January 18, specialists from the State Service for Special Communications stopped a cyberattack by Russian hackers on the resources of the Ukrinform news agency.

In total, in 2022, the governmental computer emergency response team CERT-UA registered 2,194 cyber attacks. A quarter of them were against the government and local authorities. The energy sector, the security and defense sector, telecoms and developers, the financial sector, and logistics were attacked most. In addition, in December the system recorded 170,000 attempts to exploit vulnerabilities in government information resources protected by services. Most often, Russian military hackers send out malware that steals credentials or destroys information systems.

The State Service for Special Communications and Information Protection also investigates attacks in the private sector, about 200-300 cyber incidents per day. They are examined mainly in semi-automatic mode.

Earlier, Detector Media talked about phishing attacks on Ukrainians. In particular, the scammers promised Ukrainians six thousand hryvnias of “New Year's” assistance, collected information about Ukrainian refugees and migrants, and urged Ukrainians to apply for supposed financial assistance.

Manipulation Ukraine recognizes the effectiveness of Russian cyberattacks

Russian media report that Ukraine allegedly recognized the effectiveness of Russian cyberattacks on critical infrastructure. Russian propaganda claims that Viktor Zhora, Deputy Chairman of the State Service for Special Communications and Information Protection of Ukraine, told Politico about this. This is not true.

The Politico article referred to by the propagandists does not say a word about the effectiveness of Russian cyberattacks. As StopFake writes, the material states that such attacks should be considered war crimes, since they are aimed at the critical and civilian infrastructure of Ukraine. At the same time, both the SBU (Security Service of Ukraine) and the State Special Communications Service reported that during the full-scale war, Russian hackers did not achieve strategic goals. Ukrainian experts collect evidence of cyberattacks carried out by Russia together with missile attacks, and transfer this information to the International Criminal Court in The Hague.

At the end of 2022, the Security Service of Ukraine said that it had neutralized hundreds of Russian cyber attacks and cyber incidents on Ukrainian energy facilities, of which about 30 could have become supercritical. The State Service for Special Communications reported that 2,100 cyber incidents and cyber attacks were recorded against Ukraine, of which more than 1,500 took place after the full-scale Russian invasion of Ukraine. Most often, Russian hackers attack the public sector, especially the energy sector.

Disclosure Ukrainians receive letters with harmful links on behalf of the State Emergency Service of Ukraine

The cyberattack with dangerous emails was detected by specialists from the cybersecurity unit of “Ukrzaliznytsia” (Ukrainian railway). The subject of the letters is “How to recognize a kamikaze drone”, and they allegedly arrive on behalf of the State Emergency Service of Ukraine (DSNS) from morgunov.a@dsns.com[.]ua.

The attachment to the letter contains the RAR archive "shahed-136.rar" with the PPSX document "shahed.ppsx". If you open it, the file "WibuCm32.dll" will be downloaded to the device. It is classified as DolphinCape malware. The main functionality of the program is to collect information about the computer, run EXE/DLL files, as well as create and exfiltrate screenshots.

Disclosure Russian hackers send letters with malicious links on behalf of the State Service of Special Communications and Information Protection of Ukraine

Ukrainians began to receive e-mails from Russian hackers posing as specialists from the State Service of Special Communications. Attached to this message is a link to download an archive file (RAR) and a shortcut named "TZI tools with an expert opinion on compliance with the requirements of technical information security.lnk".

Specialists of the State Service of Special Communications and the Computer Emergency Response Team note that opening this file will lead to the download of malicious programs, including some that can steal your personal data.

Letters are sent through the service @mail.gov.ua. This is how attackers try to disguise themselves as representatives of state bodies.

Disclosure Russian propaganda disseminates information about a breach of the IT system of situational awareness of the Armed Forces of Ukraine

This was reported by the Ministry of Defense of Ukraine. A recently updated version of this system was successfully presented at the annual NATO Tide Sprint conference of experts and developers. Shortly thereafter, the enemy began to attack the system and disseminate information through a network of propaganda resources about the alleged breach and access to its data in order to discredit it. The information systems and tools used by the Ukrainian defenders are a strategic target for the enemy, as is the country's critical or energy infrastructure. The Ministry of Defense of Ukraine reports that the system is now working stably, the data in it is securely protected, and no unauthorized intrusions have been recorded. IT developers and cybersecurity specialists monitor hostile activity in real time.

Disclosure Criminals are distributing e-mails allegedly from the Press Service of the General Staff of the Armed Forces of Ukraine

It was reported on the page of the General Staff of the Armed Forces of Ukraine on the Facebook social network.

Letters purporting to be from the Press Service of the General Staff of the Armed Forces of Ukraine began to arrive in the e-mail boxes and messengers of the addressees. However, this spam mailing comes from addresses that have nothing to do with the Armed Forces of Ukraine and contains malicious files (viruses, trojans, etc.).

The General Staff of the Armed Forces of Ukraine calls for caution. It is recommended to carefully read the e-mail address of the letter's sender and check its authenticity to prevent the infection of personal gadgets with malicious software. Previously, the Russians allegedly sent computer viruses on behalf of the SSU under the guise of instructions on how to act during an active phase of hostilities.

Disclosure Russian hackers send malicious emails with the subject "Final Payment"

The Government Computer Emergency Response Team of Ukraine CERT-UA, which operates under the State Service of Special Communications and Information Protection of Ukraine, reported a new cyber attack: mass sending of emails with the subject "Final Payment" and an attachment of the same name in the form of a TGZ archive. The archive contains an EXE file; opening it will lead to the download of malicious programs on the computer and, as a result, data theft. The attack is linked to the group of Russian hackers UAC-0041.

Disclosure On behalf of the OSINT company Molfar, they spread a fake about the shelling of Kyiv

The Russians distributed the fake information as a copy of a printed document entitled "Urgent notice regarding probable missile strikes soon on the territory of Ukraine." It is a fake. As the company reports, "it is a fake, a throw-in and just a clumsy discredit aimed at taking revenge on Molfar for their work for Ukraine." The information in the fake document is presented "in the style of a cabinet order of the power structure, where decision-making depends on seals and signatures." This style of formulating texts is not characteristic of Molfar researchers. Fact-checkers point out that they do not have insider information about missile attacks, and it is impossible to predict missile flight routes based on OSINT analytics. The logo of the Molfar brewery was also used in the fake document. The company urges us to verify the information and not to believe fakes.